The Cybersecurity of Critical Infrastructure
Most of the threat variants that have hit Corporate America have targeted primarily people and digital assets. But there is another area that is just as vulnerable to a cyberattack, or even more so: our Critical Infrastructure.
One of the most notable recent breaches of critical infrastructure was the attack on Colonial Gas. Fuel supplies in the eastern part of the United States were entirely shut down, which also caused havoc in the financial markets. Eventually, the CEO paid a hefty ransom in order to restore operations.
Critical Infrastructure also includes other areas, such as our food distribution systems, the national electric grid, other oil supply lines, and even our water supplies. Although the security breaches that have occurred have yet to be catastrophic, the greatest fear now is a large-scale attack across multiple cities, which could bring our nation to its knees.
Through this multi-article series, we'll demonstrate the devastation that a cyberattack on critical infrastructure can bring. In this blog, we look at attacks that have already happened.
Recent Cyberattacks
- Attack on the Israeli water system
This cyberattack happened in 2020 in an effort to gain control of the command infrastructure that governed the pumping stations located throughout Israel. These stations served not only residences and businesses, but also the bulk of the irrigation systems for agricultural production. The ultimate goal of the cyberattackers in this instance was to poison the water supply and cause major disruptions during the peak of the COVID-19 pandemic. Fortunately, this attack failed, and there were no adverse effects.
- Breach of the telecommunications sector
Just recently, an attack occurred on Nippon Telegraph & Telephone (NTT) Communications. They are the fourth largest communications company on a global basis, and they service over 20 countries. In this cyberattack, the datasets of over 620 clients were exfiltrated and exposed to the public; the targeted databases were located both in the cloud and on-premises. The cause of this breach was the poor-quality source code used to build various websites, which were all interconnected. From there, the cyberattackers were able to penetrate a central server and gain access to the databases.
- Attack on the pharmaceutical chain
In an effort to slow down the vaccine production processes for COVID-19, a hacking group backed by China tried to penetrate various websites owned by Moderna. They specifically targeted those employees who had superuser privileges, rights, and permissions. Luckily, nothing disastrous occurred to impede the development of the vaccine.
- Attack on a national power grid
This attack on Critical Infrastructure occurred back in 2016 in Ukraine. An electrical power company known as Prykarpattyaoblenergo was targeted, and well over 700,000 residents in the Ivano-Frankivsk province lost electrical power for a sustained period of time, right in the middle of the harsh winter season. The cyberattacker group known as Sandworm took responsibility for this major malware breach. It was also discovered later that this attack was complex in nature and took months of planning before it was executed.
- Attack on the railroad system
This security breach also occurred in 2016, but this time it happened in San Francisco. The cyberattackers created a very specialized type of malware, known as Mamba. Ultimately, they were able to gain access to well over 2,000 mission-critical files, which caused the Municipal Railway to be shut down for a period of 4 days. Despite all of this, no Personally Identifiable Information (PII) datasets were exfiltrated.
- Disruptions to the oil supply lines
This cyberattack occurred in 2017 on a petrochemical plant located in Saudi Arabia. The malware, known as Triton, targeted the Industrial Control Systems (ICS) of that particular plant. Although nothing serious happened, this security breach could have led to the release of toxic gases into the atmosphere, which would have resulted in the deaths of many people living in that region.
Our next article will examine the weaknesses of ICS and SCADA systems, which are at the operational heart of Critical Infrastructure, and what can be done to improve their level of security.